<?php
	require_once('init.php');
	
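	// Resolve the requested page number for the user list.
	// The value comes straight from the query string and is later passed to
	// $pageDB->pageData(), so only a plain positive decimal string is accepted.
	// Anything else (missing, empty, "0", non-numeric, or an array such as
	// ?page[]=x) falls back to the original default of '1'.
	$page = '1';
	if (isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^[1-9][0-9]{0,8}$/', $_GET['page']) === 1) {
		$page = $_GET['page'];
	}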
	
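	// Delete action, selected with f=del and id=<user id> in the query string.
	// Removes the tbUser row, writes an entry to tbAdminLog and then removes the
	// user's address / phone / e-mail rows.
	// NOTE(review): this state-changing action is driven by GET parameters and no
	// anti-CSRF token is checked in this file; authentication and authorisation are
	// presumably enforced in init.php — confirm, and consider moving the action to
	// a POST request that carries a per-session token.
	if (isset($_GET['f']) && $_GET['f'] == 'del')
	{
		// The id is concatenated into every statement below, so only a plain
		// decimal value is let through; anything else is treated as a failed delete.
		// NOTE(review): assumes tbUser.id is an integer key — confirm against the
		// schema. If the DB wrapper offers bound parameters, prefer those over
		// string concatenation.
		$delId = null;
		if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]{1,18}$/', $_GET['id']) === 1)
		{
			$delId = $_GET['id'];
		}

		if ($delId === null)
		{
			echo "<script>alert('用户信息删除失败！');</script>";
		}
		//Try Delete User
		elseif (!$adminDB->executeSQL("delete from ".$util->userdbName().".tbUser where id='".$delId."'", $connID))
		{
			echo "<script>alert('用户信息删除失败！');</script>";
		}
		else
		{
			//Insert AdminLog: record who deleted which user and when
			if(!$adminDB->executeSQL("insert into ".$util->userdbName().".tbAdminLog (fdOperatorID,fdAction,fdTarget,fdUserID,fdTime) values('".$_SESSION['adminid']."', 'DELETE', '".$util->userdbName().".tbUser where id = ".$delId."' , '".$delId."' , now())", $connID))
			{
				echo "<script>alert('用户信息删除成功！管理日志添加失败');</script>";
			}
			else
			{
				// NOTE(review): the cleanups below run only when the matching POST
				// field is present, although this action is selected through GET
				// parameters — confirm the caller really posts these fields,
				// otherwise the related rows are left behind.
				//Delete Address
				if (isset($_POST['address']) && $_POST['address'] != ''){
					$sql = "delete from ".$util->userdbName().".tbAddress where fdUserID='".$delId."'";
					$adminDB->executeSQL($sql, $connID);
				}
				//Delete Telephone and Mobilephone
				if (isset($_POST['telephone']) && $_POST['telephone'] != ''){
					$sql = "delete from ".$util->userdbName().".tbPhone where fdUserID='".$delId."'";
					$adminDB->executeSQL($sql, $connID);
				}
				//Delete Email
				if (isset($_POST['email']) && $_POST['email'] != ''){
					$sql = "delete from ".$util->userdbName().".tbEmail where fdUserID='".$delId."'";
					$adminDB->executeSQL($sql, $connID);
				}
				echo "<script>alert('用户信息删除成功！');</script>";
			}
		}
	}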
	
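	// Form mode handed to the template: 'N' (new) by default, 'E' once a user
	// has been loaded for editing.
	$isShow = 'N';

	// Edit action: f=edit arrives in the query string when the edit form is
	// opened and in the POST body when the form is submitted.
	$editViaGet  = (isset($_GET['f']) && $_GET['f'] == 'edit');
	$editViaPost = (isset($_POST['f']) && $_POST['f'] == 'edit');
	if ($editViaGet || $editViaPost)
	{
		// User ids are concatenated into the statements below, so only a plain
		// decimal value is accepted.
		// NOTE(review): assumes tbUser.id is an integer key — confirm against the
		// schema. If the DB wrapper offers bound parameters, prefer those over
		// string concatenation.
		$idPattern = '/^[0-9]{1,18}$/';

		//Confirm Post
		if ($editViaPost)
		{
			$postId = null;
			if (isset($_POST['id']) && is_string($_POST['id']) && preg_match($idPattern, $_POST['id']) === 1)
			{
				$postId = $_POST['id'];
			}

			// NOTE(review): $username, $address, $telephone, $mobilephone and $email
			// are not assigned anywhere in this file; presumably init.php (or
			// register_globals) populates them from the request — confirm.
			// NOTE(review): the free-text fields (company, position, address,
			// postcode, phones, e-mail, password) are concatenated into SQL after
			// trim() only. Unless init.php already escapes request data, these
			// statements are open to SQL injection; escaping is not added here
			// because it would double-escape if init.php does it — verify and
			// switch to bound parameters.
			if ($postId === null)
			{
				// Malformed or missing id: report the update as failed, touch nothing.
				echo "<script>alert('用户更改失败！');</script>";
			}
			elseif (! $adminDB->executeSQL("select fdLogin, fdName from ".$util->userdbName().".tbUser where fdName ='".trim($username)."'", $connID))
			{
				//Try Update User
				if (! $adminDB->executeSQL("update ".$util->userdbName().".tbUser set fdCompany='".trim($_POST['company'])."' , fdPosition='".trim($_POST['position'])."' where id='".$postId."'", $connID))
				{
					echo "<script>alert('用户更改失败！');</script>";
				}
				else
				{
					//Insert AdminLog: record who changed which user and when
					if(!$adminDB->executeSQL("insert into ".$util->userdbName().".tbAdminLog (fdOperatorID,fdAction,fdTarget,fdUserID,fdTime) values('".$_SESSION['adminid']."', 'UPDATE', '".$util->userdbName().".tbUser set fdCompany=".trim($_POST['company']).", fdPosition=".trim($_POST['position'])." where id=".$postId."' , '".$postId."' , now())", $connID))
					{
						echo "<script>alert('用户更改成功！管理日志添加失败');</script>";
					}
					else
					{
						// Each contact detail below is an upsert: count the existing
						// default row, then update it or insert a new one.
						//Update Address
						if (isset($address) && $address != ''){
							$addresscount = $adminDB->executeSQL("select count(*) as num from ".$util->userdbName().".tbAddress where fdUserID = '".$postId."' and fdDefault = 0", $connID);
							if($addresscount[0]['num']>0)
							{
								$sql = "update ".$util->userdbName().".tbAddress set fdAddress = '".trim($_POST['address'])."', fdPostcode = '".trim($_POST['postcode'])."' where fdUserID = '".$postId."' and fdDefault = 0";
							}
							else
							{
								$sql = "insert into ".$util->userdbName().".tbAddress(fdUserID, fdAddress, fdPostcode, fdDefault) values('".$postId."', '".trim($_POST['address'])."', '".trim($_POST['postcode'])."', 0)";
							}
							$adminDB->executeSQL($sql, $connID);
						}
						//Update Telephone
						if (isset($telephone) && $telephone != ''){
							$telecount = $adminDB->executeSQL("select count(*) as num from ".$util->userdbName().".tbPhone where fdUserID = '".$postId."' and fdTypeID = 0 and fdDefault = 0", $connID);
							if($telecount[0]['num']>0)
							{
								$sql = "update ".$util->userdbName().".tbPhone set fdPhone = '".trim($_POST['telephone'])."' where fdUserID = '".$postId."' and fdTypeID = 0 and fdDefault = 0";
							}
							else
							{
								$sql = "insert into ".$util->userdbName().".tbPhone(fdUserID, fdPhone, fdDefault,fdTypeID) values('".$postId."', '".trim($_POST['telephone'])."', 0,0)";
							}
							$adminDB->executeSQL($sql, $connID);
						}
						//Update Mobilephone
						if (isset($mobilephone) && $mobilephone != ''){
							// The count needs the "num" alias: the result is read as
							// ['num'] below, as in the address and telephone queries.
							// Without it the existing row was never found and every
							// edit inserted another one.
							$mobilecount = $adminDB->executeSQL("select count(*) as num from ".$util->userdbName().".tbPhone where fdUserID = '".$postId."' and fdTypeID = 1 and fdDefault = 0", $connID);
							if($mobilecount[0]['num']>0)
							{
								$sql = "update ".$util->userdbName().".tbPhone set fdPhone = '".trim($_POST['mobilephone'])."' where fdUserID = '".$postId."' and fdTypeID = 1 and fdDefault = 0";
							}
							else
							{
								$sql = "insert into ".$util->userdbName().".tbPhone(fdUserID, fdPhone, fdDefault,fdTypeID) values('".$postId."', '".trim($_POST['mobilephone'])."', 0,1)";
							}
							$adminDB->executeSQL($sql, $connID);
						}
						//Update Email
						if (isset($email) && $email != ''){
							// Same "num" alias fix as for the mobile phone count.
							$emailcount = $adminDB->executeSQL("select count(*) as num from ".$util->userdbName().".tbEmail where fdUserID = '".$postId."' and fdDefault = 0", $connID);
							if($emailcount[0]['num']>0)
							{
								$sql = "update ".$util->userdbName().".tbEmail set fdEmail = '".trim($_POST['email'])."' where fdUserID = '".$postId."' and fdDefault = 0";
							}
							else
							{
								$sql = "insert into ".$util->userdbName().".tbEmail(fdUserID, fdEmail, fdDefault) values('".$postId."', '".trim($_POST['email'])."', 0)";
							}
							$adminDB->executeSQL($sql, $connID);
						}

						//Update Password
						// NOTE(review): the password is stored as an unsalted MD5
						// digest computed inside the SQL statement. MD5 is not a
						// password hash; moving to password_hash()/password_verify()
						// has to be coordinated with the login code, which is not
						// visible here.
						if (isset($_POST['password']) && $_POST['password'] != ''){
							$sql = "update ".$util->userdbName().".tbUser set fdPassword=md5('".trim($_POST['password'])."') where id='".$postId."'";
							$adminDB->executeSQL($sql, $connID);
						}

						echo "<script>alert('用户更改成功！');</script>";
					}
				}
			}
			else
			{
				echo "<script>alert('已存在同名用户！请保证重新修改用户名');</script>";
			}
		}

		// Pick the id of the user to load into the edit form: the query string
		// wins, the POST body is the fallback.
		$rawId = null;
		if (isset($_GET['id']))
		{
			$rawId = $_GET['id'];
		}
		elseif (isset($_POST['id']))
		{
			$rawId = $_POST['id'];
		}

		// Only a well-formed id switches the page into edit mode; otherwise the
		// default mode 'N' is kept and no user query is run.
		if (is_string($rawId) && preg_match($idPattern, $rawId) === 1)
		{
			$id = $rawId;
			//Query Current User
			// NOTE(review): the mobile join filters on m.fdDefault = 1, while the
			// writes above store mobile numbers with fdTypeID = 1 and
			// fdDefault = 0 — this looks inconsistent; confirm against the schema.
			$user = $adminDB->executeSQL("select u.id, u.fdLogin, u.fdName, u.fdCompany, u.fdPosition, a.fdAddress, a.fdPostcode, t.fdPhone fdTelePhone, m.fdPhone fdMobilePhone, e.fdEmail from ".$util->userdbName().".tbUser u left outer join ".$util->userdbName().".tbAddress a on a.fdUserID = u.id and a.fdDefault = 0 left outer join ".$util->userdbName().".tbPhone t on t.fdUserID = u.id and t.fdDefault = 0 left outer join ".$util->userdbName().".tbPhone m on m.fdUserID = u.id and m.fdDefault = 1 left outer join ".$util->userdbName().".tbEmail e on e.fdUserID = u.id where id='".$id."'", $connID);
			//Assign Current User
			$smarty->assign('user', $user);
			//Set Shown Form Edit
			$isShow = 'E';
		}
	}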
	// Load the requested page of the user list and pass it to the template.
	// The third argument to pageData() (20) is presumably the page size — confirm.
	$userListSql = "select id,fdLogin,fdName,fdCompany,fdPosition,fdActive from ".$util->userdbName().".tbUser";
	$userPage = $pageDB->pageData($userListSql, $connID, 20, $page);

	// Publish the list and the form mode, in that order, then render the page.
	$templateVars = array(
		'users'  => $userPage,
		'isShow' => $isShow,
	);
	foreach ($templateVars as $varName => $varValue)
	{
		$smarty->assign($varName, $varValue);
	}
	$smarty->display('admin_listuser.html');

	// Release the database connection once the page has been rendered.
	$connDB->closeConnID();
	
?>